This site may earn affiliate commissions from the links on this page. Terms of use.

When it comes to providing security updates for previous products, various manufacturers have pursued different strategies. Some, like Microsoft, tend to provide security updates long after they’ve stopped selling an operating system (Microsoft only stopped providing Windows XP support last year). Others, like Google and Apple, have pursued tighter timelines for security updates. Google is now doubling down on that schedule, refusing to patch bugs in Android 4.3 or prior, even when those bugs could expose critical vulnerabilities on nearly a billion devices.

The flaws in this case affect Android 4.1 to 4.3, aka Jelly Bean, which began shipping in mid-2012 and was the primary version of Android through late 2013, or roughly 14 months ago. Up until quite recently, Google has aggressively patched problems in Android’s WebView rendering engine. Before KitKat (Android 4.4), all versions of Android used the version of WebView found within the Android Browser for rendering HTML webpages. With KitKat and Lollipop, Google updated the operating system to use a WebView plugin derived from its Chromium project.

When Security firm Rapid7 discovered a new exploit in the Android Browser version of WebView, it contacted Google to inform the company that Android 4.3 and below were vulnerable. Google’s response and policy change are raising major eyebrows. Specifically, the company states that:

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

In other words, security staff are now expected to submit a patch to fix an issue when they report it. If they do, Google will “consider” the patch to see if it resolves the problem. If they don’t, Google now says the only thing it can do is inform various OEMs of the problem.

What Google is doing, in essence, is telling its user community “Sorry, you have to tell Samsung, LG, and Motorola to provide you with an updated version of our operating system.” This is hilariously impossible. It would never fly in the PC world — imagine Microsoft telling customers “Sorry, you have to make HP, Dell, and Lenovo provide you with a free update for our operating system.” The disparity is even larger if you consider that, in most cases, a computer running a previous version of Windows can be upgraded by the end user to run the next version. That upgrade may be a headache, but system requirements on Windows haven’t budged in nine years.

The average phone or tablet buyer has no way to upgrade their operating system unless the carrier provides an OTA update, and two-year upgrade cycles means that plenty of people are going to be stuck on broken devices with known exploits that Google isn’t going to fix. Granted, the fact that Google fixes an exploit doesn’t mean that carriers will deploy it, and fragmentation has been a major problem in Android’s ecosystem over the years — but there’s a difference between acknowledging the difficulty of maintaining security updates for the entirety of one’s user base and flatly refusing to do them.

Pushing OEMs off open-source Android

One obvious reason for Google to stop fixing Android Browser problems is that the company is aggressively moving to get OEMs to stop using Android’s open-source features and to replace them with features licensed directly from Google. Ars Technica has done an extensive write-up on this trend here, and getting rid of the Android Browser is a key facet of moving away from an Android that’s actually maintained and useful.

No, Google isn’t killing Android — it’s just ensuring that the only parts of the program that get feature updates, capability improvements, and performance enhancements are the parts that require licensing agreements and promises not to develop competing products. The reason Amazon’s Kindle Fire has its own app store, and Samsung’s continued interest in Tizen are both the result of Google’s push to embed itself into the center of mobile business while paying lip service to the idea of open source.

By throwing all of the responsibility for security updates back on carriers and security researchers, Google is telling OEMs that they can either agree to its licensing terms and fall in line, or take on the responsibility of performing security updates that they’re typically not qualified or funded to do. It’s a trick worthy of Microsoft in the Bad Old Days, and it’s particularly funny to see the company doing this, given that it threw Microsoft under the bus in December when it published the full details of a security flaw two days before Redmond patched it, on the grounds that the desktop and laptop OS company wasn’t moving fast enough.

Tagged In

I’m not saying Google is in the right here, but your argument in this case does not make sense. ” This is hilariously impossible. It would never fly in the PC world — imagine Microsoft telling customers “Sorry, you have to make HP, Dell, and Lenovo provide you with a free update for our operating system.” The very large difference is that Microsoft does not make the source code available, and and Google does make the source code available (for AOSP modules, etc yes I know there plenty of pieces Google does not release code for too.)

It’s a completely different support model though because the OEM’s ARE the responsible parties. That’s why we have to wait for OS updates from them directly, and then via the carriers. I think Google should step in and help here, but it’s just a different situation.

Joel Hruska

I agree with you that the source code availability *does* make a difference, but Google has previously provided this support and capability. Now the company is saying: “Sorry, we quit.”

So this leaves the OEMs in the lurch. They can either invest in their code authoring and maintenance, or they can sign agreements with Google that further lock them into the Google ecosystem. Even if they choose to do the former, it’s going to mean a great deal of duplicated work between vendors, whereas the point of Android (well, one of them) was that you had a common vendor with a common platform that obviated the need for each OEM to write its own custom code for such issues.

Now, you’re correct that in the PC world, Dell and HP would have no ability to patch Internet explorer, but end *users* of those Dell and HP systems could at least choose to perform the upgrade themselves. If Samsung / Moto / LG etc don’t provide these OTA updates, then their customers have no option to do it for themselves that doesn’t involve a fairly advanced knowledge of hardware mechanics and jailbreaking their devices. I suspect very few people would actually upgrade, but buying a $450 – $600 device off contract is fairly unpalatable.

Darren Reid

Everyone should be on the latest version of android. The reason people aren’t are because manufactures and telecoms don’t make it a priority to release OTA updates. That’s not google’s fault, if a manufacturer chooses to use an outdated version of android, they can support that outdated version. Think about when software like java finds a bug. They don’t patch every version in existence. They release a new version that is pathed. If the manufacturers take charge of java updates, it’s up to them to make sure people are on the latest version.

Lu

“Everyone should be on the latest version of android.”

Might as well wish for the moon!

Darren Reid

It won’t be long until google starts putting disclaimers on older versions saying they are insecure. They launched an entire web browser to force people to be on the latest technology on all platforms. I assure you, in their eyes everyone being on the latest version isn’t a pipedream, it’s the next step for android.

Joel Hruska

“They launched an entire web browser to force people to be on the latest technology on all platforms. ”

Thankfully, I run Windows 7 Pro, and was able to put a stop to Chrome’s auto-update BS. I never cared until this time last year, when they pushed out an update that left my browser so unstable, I had to start using a Chromium beta to fix the problems. Rampant crashes to desktop without warning, and nothing logged. No common repair methods fixed it, the only solution was to start using the beta tree.

Mine does. What gives you the mistaken impression that Chrome doesn’t auto-update on Linux?

R.R.

someone who doesnt use linux but yet wishes to sound like they’re tech hipsters

John Scott

Its open sourced and the problem is device makers push out whatever Android flavor that works for a device and cares little about it afterwards. Yes, the cellular providers make things worse, but if the updates don’t support the hardware. Your out of luck.

Kyle Waitforit Gorter

“Might as well wish for the moon!”

Might as well wish for a vasectomy and never reproduce!

Joel Hruska

No, it’s not Google’s fault that manufacturers don’t choose to provide updates. It is Google’s fault for refusing to provide updates for the operating systems that comprise more than 60% of the entire Android ecosystem.

Jonny Gerrish

None of the OEMs will push updates of their Jelly Bean phones.

Darren Reid

The technology world moves so quickly that nowadays if you are using any version but the latest, it’s outdated. Playstation don’t let you play unless you are on the latest version. Steam doesn’t open until it updates. Along with most other software nowadays. We don’t live in an offline world. Google have decided to follow a similar mindset. I actually applaud them for it. However they do deserve criticism for doing this out of the blue. This should have stated 6 months ago to manufactures that unless your devices are on the latest version, we will no longer support them.

Plus your statement “It is Google’s fault for refusing to provide updates” isn’t true. They are providing updates, in the form of the latest version. You just don’t like that, I think its the future.

Joel Hruska

“The technology world moves so quickly that nowadays if you are using any version but the latest, it’s outdated. ”

I purposefully avoid the latest version of just about anything — including Apple’s operating systems. I realize this is an Android-centric conversation, but just to prove this isn’t personal — you know why I’m not on iOS 8?

Because while it *does* provide some faster web performance, virtually every day-to-day interaction, app load, and phone boot is slower. It takes up more storage space. It still has bugs to be worked out. So I’m not interested in taking my iPhone 5C up to iOS 8.

The only reasons I would upgrade to the new OS would be a truly critical security bug. Upgrades that don’t fix major problems typically aren’t worth the performance you lose in the process.

(I avoided Windows 8 because I refused to pay Microsoft for Metro, which I considered a half-baked effort at best. That, however, is a separate topic).

Tom

I’m with you on that. I like to wait a little bit and see if anyone reports their machines bursting into flames before I install an update on my own stuff.

That said… sort of leaning in Google’s direction here.I am a user of two Jellybean devices, both of which will NEVER get an update to 4.4 or later due to manufacturers and carriers not caring (and the former refusing to release source code for custom ROMs). Google are wasting their time pushing an update in my case, and those of countless others in the same situation. A select few might get such a security patch pushed to their devices, but that’s it.

I’d much rather they doubled-down and forced carriers and manufacturers to pull their fingers out.

danny byun

Omg I took my iPad and iPhone 5c to ios8 and my goodness the WiFi drops multiple times a day…I learned my lesson and will be doing the same thing as you from now on

oxhanoverxo

But then you can’t complain about market fragmentation when your the reason it’s happened.

Darren Reid

As it stands I see your argument as this; that often when you buy a device it is advertised/available with a particular feature. Updates have the potential to remove this feature and remove functionality (be it a decrease in storage space or removal of a software application). Therefore often it is important to some that they remain functionality of these earlier versions. That is a valid argument and should have been more clearly included with the article. At the moment the article isn’t balanced and is Google bashing. I never disagreed with your premise, just disagreed with your presentation style. You should have included the negatives and positives of this move and explained who this effects, if not the readier. That is a balanced and informative article with a well presented argument. The above article at the moment is far from this and is a poor piece of work, although I have to commend you on your research, its a good story. Just not well explained.

Jostikas

Given that windows 8 is actually faster than 7 (went from XP to 8 on my parent’s old box, after having tried 7), that last one is subject to criticism.

R.R.

great, just buy iPhones, you at least can be sure to get iOS updates and not be thrown under the bus

b_c

When I read stuff that essentially says “we MUST keep updating or we will die” I cannot help but shake my head in disbelief – when are people going to understand that ‘security’ is an illusion created to take away your free will? Those who don’t learn form history are condemned to repeat its mistakes, so it seems! Haven’t you learned that those who are willing to forfeit freedom for a little temporary safety get neither? What a sorry bunch paranoid security freaks are!

‘Updates’? NO, THANKS! I’d rather take the ‘risk’ to choose how I live my life and run exactly the operating system I choose and do exactly the things I want with MY devices, the solutions to real problems have always existed and always will.

random1uploada .

Even if Google did provide a patch, it’s still up to the OEM to release it to their users. And the reason I’d say for no one using Lollipop, is because they keep having to buy new devices to upgrade almost every new version of Android that gets released, even though the device is hardware compatible to upgrade.

If the OEMs released the later versions, it wouldn’t be a problem. It’s entirely the OEM’s fault really, they stop the updates so that the users HAVE to buy a newer device or contract, it’s the way business works.

Joel Hruska

I agree with you that OEMs control whether or not they push patches, true. But OEMs can’t push patches that Google doesn’t create.

random1uploada .

And if OEMs pushed updates, they wouldn’t need to push more patches for each version, and thus no need to push a patch for this current bug.

Of course, I do agree, Google could give a little to the consumer, but after all, they offer this OS open source and free of charge, there’s only a certain amount of people working on Android and they can’t develop patches as well as concentrating on the latest OS which is a more beneficial one to go for. I think its their way of being like look, this is free, stay up to date with us and well look after you.

Agreed Google is being a bit of a pain lately with privacy issues elsewhere, but the amount of money they could be making off Android is unbelievable, yet its still open source.

Google did fix the problem with the updated OS, the OEMs refused to push it. Now you want Google to “refix” the problem?

” It is Google’s fault for refusing to provide updates for the operating
systems that comprise more than 60% of the entire Android ecosystem.”

They did provide updates for the OS that comprise more than 60% of the entire Android ecosystem. It’s called KitKat and Lollipop.

I really don’t understand what you’re trying to say. It just sounds like you have a bias against Google. What you’re basically saying is that Google should make a patch for every previous versions of Android even though they already fixed the problems several updates ago. And yes, it’s all free to the OEM that refused to push an update.

Tom

Addressed this in my other comment, but in essence your statement works both ways. Google can’t get patches onto devices OEM’s won’t push. And that situation is FAR more likely, of the two.

Anyway just wanted to chime in with @Zunalter and agree that it’s nice you’re discussing this with us instead of just writing an opinion piece and then wandering away. Clearly it’s a very polarising topic!

eAbyss

“I agree with you that OEMs control whether or not they push patches, true. But OEMs can’t push patches that Google doesn’t create.”

Except Google did create patches, they’re called KitKat (4.4.4) and Lollipop (5.01). The OEMs have no interest in keeping most phones up to date.

John

>> No, it’s not Google’s fault that manufacturers don’t choose to provide
updates. It is Google’s fault for refusing to provide updates for the
operating systems that comprise more than 60% of the entire Android
ecosystem

This is a nonsense statement, when you fold it back into the reality that: Anyone who is actually USING one of those old versions of android, has been screwed over by their manufacturer or carrier who failed to give them an updated OS.

Zunalter

Thanks for taking the time to engage your audience, I for one really appreciate the back-and-forth.

waterrockets

If Google pushed a patch to 4.3 right now, it would reach exactly zero phones. The Android ecosystem doesn’t work this way. Patching 4.3 is a waste of time and money. All the phones that would potentially receive such an update (like a Nexus 4) are already up to Lollipop or at least 4.4.x.

If a user is interested in the latest security patches, Nexus, Moto X PE, GPE, or iPhone phone are the real choices.

Neel Gupta

So, it was Microsoft’s fault for refusing to patch XP OS vulnerability !

Bruce

The reason why 60% of the entire Android ecosystem is not using the latest OS is because the manufacturers don’t update the OS. So in that sense, I’m actually glad that Google is now not patching older versions. That will hopefully entice manufacturers to update the OSes. And if not (which is the most likely case), the publicity of not having a patched version should drive consumers to manufacturers like Motorola that do update their OSes. Also very unlikely. What is more likely is articles like yours with headlines like yours.

The problem is not that Google is not patching the old versions. The problem is that manufacturers and carriers have not updated the OSes of the old phones. And until consumers start talking with their wallets, this will continue. I buy Nexus devices and from now on will buy Moto devices – precisely for this reason. I am also not on Verizon. I no longer buy HTC or Samsung phones. And my LG G3 will be the last LG phone I buy.

Sheila Richmond Wissner

There is no OS upgrade for my Motorola Droid X even though it is a perfectly good phone. Am I missing something?

So if manufacturers decide for no reason to stay with Gingerbread, does that mean Google should continue to support that one version although they are already have improved it and fixed bugs in future versions?

Joel Hruska

No. Gingerbread is more than four years old.

Here would be my minimum argument: Google should support each operating system for a minimum of two years, which corersponds to the *minimum* amount of time that phones using that version of the OS are sold on-contract. Since most people still upgrade devices when their two-year contracts are up, that’s the length of time Google should support any given version of the operating system.

Google and Android dev team are not responsible for contacts. You might be on 12 month contract or 24 month contract, or 4 year and still use Gingerbread (I know it doesn’t happen)

If you buy a piece of furniture and it breaks, you don’t go to the lumberjack complaining about his wood, you go to the furniture manufacturer. Same applies here.

It was said before, the patch was Android 4.4 (if we stick to the major.minor version system), and if the .4 was a patch, the OEMS and carriers are the ones to blame for not pushing it

Joel Hruska

Google is not “responsible” for contracts, but Google (like any business) does well to understand the contract and repeat business of its customers. Google has its own line of phones. It has a business cycle. Google knows that contract customers tend to update every other year, and it knows something about when that happens based on previous sales and the overall size of the Android market.

If you look at the Android and iOS releases, you’ll often find cadences that match this pattern — and Google doesn’t have to be “responsible” for contracts to recognize that providing updates that match the usage patterns of its volume customers is a good idea.

mickrussom

So what is your response to Gnex owners? Its bullshy that google-nsa sold me a phone and then leaves it r00table a mere 2 years down the road. Google is a slimy company

Neel Gupta

Microsoft-NSA are still selling us computers vulnerable to hacking !

Sean Nosecondname

Well in the PC world again, Microsoft have pulled support for XP and so many businesses still use it because vista was crap and 7 and 8 are expensive to equip a whole business with. You say every android user should be on the latest os update but many simply can’t cope. The api requirements are too much. My S4 was amazing on 4.4.2 but on 5.0.1 it was running in quicksand until I had to flash it back with Odin. The S5 I have handles it well. It wouldn’t make business sense anyway, updates are cut for older models, even relatively recent models like the S3 because money talks and people get bored of the same boring interface they’re stuck with and upgrade

CelestialTerrestrial

They can’t, they have to buy a more premium priced phone and most of the Android users don’t have any money in these 3rd world countries like India and only some people in China can afford a new premium priced phone. Look at how long it takes for people to upgrade their OS. It takes several years. It only takes Apple users less than a year to migrate to the latest OS, something that Android will NEVER have, that’s the problem with the OEM strategy, it just can’t get their user base up to speed, even Microsoft has a tough time getting users to migrate to a newer OS. That’s a major flaw in the OEM strategy. Plus, they cater to the ultra low end market and you can’t get a decent priced unit that’s capable of running the latest OS.

CelestialTerrestrial

Yeah, it is Oracle’s job to patch Java, but Java is not really an operating system, it’s a plug-in to another OS. It’s kinda different. It’s like Flash, it’s Adobe’s responsibility to update Flash as it’s a plug-in.

John

>> So this leaves the OEMs in the lurch.

No, no it does not. OEMs either upgraded those phones to later versions of android, or they didn’t.

If they did, Google has them covered.

If they didn’t, then its the OEMs who have screwed over the customers.

massau

maybe sthey should have used an mozzila v2 lisence instead of apache lisence for there android opensource code, This would have forced the OEM to push patches back to the main project and avoid duplicated work. But still allowed to add closed source code ontop of the android project.

SomeoneYouKnow

You are incorrect. Aside from Nexus and Google One phones, Google has **never** provided this capability.

If anything this is going to shine the spotlight on the vendors more harshly to keep them up to date. There is no reason whatsoever any phones should still be running Android 4.3 or prior other than vendor laziness in supporting their devices and wanting to push consumers to keep buying new phones. I have Android 4.4 installed on a 5 year old Samsung Galaxy S (third party ROM from XDA) and the phone ***sings*** compared to its stock OS.

Angello Obel

the reason Google is replacing some of the OEM features is because that way updates can go out regardless of the oem or carrier. It’s not as nefarious as you make it sound. Right now if there is a bug in the aosp browser, Google may release a patch but not all OEMS will release that patch to all their devices. On the other hand a patch to chrome is available to all chrome.
I believe the point of android is that it is open source so anyone can submit a patch. By the way what Google is doing is actually how a lot of open source projects work including Linux itself. Not all patches to Linux are authored by a single entity although they are ultimately reviewed by one

“Not all patches to Linux are authored by a single entity although they are ultimately reviewed by one”

True but understated. Each release of the Linux kernel includes patch sets from over a thousand individuals representing over 200 distinct companies, and critical security patches are back-ported one release for those who haven’t yet transitioned. That’s it. *This is how open source works.*

Google has provided patches to their previous release. Products using older versions should provide those patches by upgrading to Android 4.4 or (better) 5.0.

That’s the deal. It’s time for smartphone vendors to step up and keep their products up to date over the entire life of their products, and customers should vote against those who won’t with their wallets.

“end *users* of those Dell and HP systems could at least choose to perform the upgrade themselves”

Your argument isn’t true in the global sense, and is also flawed in the business sense.

In the global sense, it simply isn’t true that any Windows PC can be upgraded by an end user, while no Android phones can.

Many Windows XP PCs use older hardware for which drivers were never developed in the Vista-and=later model, and since the hardware is proprietary neither the vendors nor Microsoft have any financial incentive to create them or maintain the older drivers. Thus, users don’t always have the option to upgrade their existing hardware or drivers themselves.

On the flip side, AOSP-based distros such as Cyanogenmod *are* available for many phone models, so that end users of those smartphones *could* perform the upgrade themselves if they were so motivated.

The situation is not nearly as black and white as you portray it, I think.

The business model you overlook is that Microsoft collects money from end users either directly or via the “Microsoft tax” on PCs to provide longer-term security patch support for ancient versions like XP (yes, they *still* provide patches – again, for enterprise customers who pay extra for that service), while Google doesn’t. You seem to be demanding that Google provide yet another service for free while lauding Microsoft for providing it for a fee.

If Dell and HP want long-term security patch support from Google like they get from Microsoft, the answer is obvious: They should pay Google the same fees as they pay Microsoft for this service.

Ryan Strait

I mean, in all fairness the reason android phones are still running 4.3 and lower is because the OEM’s build their own flavors of Android off of the open source. Otherwise updates would be just as seamless as it is with the Nexus family, and almost everyone would be on 4.4 which was designed from the outset to run remarkably well on old hardware.

What they’re saying is that they won’t write an Android patch for each phone is existence. Each vendor modifies Android, each carrier also loads on their own custom architecture. So Google wouldn’t just be patching HTC devices, they would be writing different patches for Verizon, T-Mobile, and Sprint. Apparently they will help examine a patch that’s already been written though and help from there. If you’ve spent any amount of time flashing ROMs or digging through xda-developers.com you’ll rapidly come to appreciate the amount of time and effort that goes into patches, and how frequently they need to be specialized for each carrier on each device. Frankly it would be insane, and put Google back in the unenviable position of supporting each mobile company’s Android offering.

Also, as an aside it would be neat if you wrote a piece on rooting phones, because the difficulty of making an Android device your own is wildly exaggerated and often compared to Apple’s hatred of anything outside their environment. Also, I just realized this whole issue can be resolved by going to the appstore, and downloading Chrome for free. Which is neat.

MoogleStiltzkin

but some of these oems seem less inclined to provide latest firmwares for models they consider to be too old in order to promote their userbase to upgrade their phones.

i posted earlier my i9300 samsung example, which it wasn’t officially provided a kitkat upgrade, so officially users are stuck using the insecure jelly bean 4.3 at best o_o;

“There is some great news for Galaxy S3 (GT-I9300) owners as industrious XDA Senior member, arter97, has ported the most-awaited official Android 4.4.4 KitKat update for Samsung’s ageing smartphone.

The official update for international variant of Galaxy S3 has been reportedly ported via Samsung’s recently released Android 4.4.4 firmware for the LTE version of Korean SHV-E2105, SHV-E210K and the SHV-E210L models of Galaxy S3.”

notice the ported…. so it took unofficial channels via the highly esteemed xda forum community in order to unofficially port a firmware to use for the more common i9300 model …..

the i9300 was released in 2002, thats only 3 years ago but from samsung’s standpoint it’s a product not worthy of getting kitkat upgrade officially …..

this is a bad thing for the android fans who are stuck in a similar situation ;_; will only encourage users to flow back to apple phones if only just for the guaranteed firmware updates without this bs.

One other important difference between Microsoft & Google is that Microsoft earned revenue selling the various versions of Windows that it supports, while Google has been supplying Android FREE to handset manufacturers such as Samsung. So…. where’s the portion of the revenue stream for Google to tap to provide continuing support for older versions? More likely, why haven’t Samsung & Motorola etc. been aggressively updating older devices? Because they want to sell NEW ones !

Casey Goodhew

Even if and when Google patches bugs, the OEM’s are under no obligation to release them (and typically don’t). That’s why Google has moved everything to the app store in the first place! It gives them control back to push important security updates out without relying on insanely long wait times that the OEM’s put in place.

R.R.

WOW ALL THE ANDROID WHITEKNIGHTS ARE OUT IN FORCE! and they say Apple users are sheeps lol

gorkon

In this case they are right. It’s NOT Google’s fault. They fixed it. It’s the OEMS and carriers fault….but then you’re just a troll.

R.R.

yeah yeah, if I’m not anti-Apple, I’m a troll ;)

Dave Acklam

What makes the difference is that:

1) Android is at the ‘Windows 3.11’ stage of it’s evolution – back when PC OEMs skinned the-crap-out-of Windows to make it look like the inside of your house, et-al.

The product the user sees is almost never the one Google shipped.

2) The phone-companies are the ones demanding individual custom per-phoneco operating systems on their phones… So releases/updates start with google, then go to the OEM, and are actually produced/released by the phone company that has to pork it full of bloatware & revenue-generators like pay-to-tether apps (or pay to navigate, in the early days of Verizon’s Android products), CarrierIQ, etc…

SumGuy954

Bugs, exploits and so one are nothing compared to the horrible performance of all the phones out. As far as I am concerned all the Smart Phones out are horrible. I hate all of them. Even the best of the best disappoints me. These so called quad and octocore performs worse than a classic core duo.

Lu

Apple phones generally work well – until new OSes come out that use more and more cpu / memory. My iPhone 4 worked great for years until a few OS updates later it’s so sluggish now. Too bad less isn’t more.

Joel Hruska

Your iPhone 4 is a single-core Cortex-A8 and closing in on five years old. Modern ARM cores are quad-core configurations at about 1.8x the clock speed. The Apple A8 SoC is roughly 1.62x faster in terms of clock speed, packs 2x the cores, and then is likely at *least* 2x the efficiency of the A8 in the iPhone 4. Put it all together, and the modern iPhone 6 is 5-6x faster than the iPhone 4.

Time brings change. Time to upgrade.

Joel Hruska

I’m not sure what you expect on that score.

A “classic” Core 2 Duo was a 65W CPU clocked at 1.87 – 2.67GHz. It required a full-size desktop or laptop to run. Laptops with these chips packed it in at 3-4 hours.

Today, a modern smartphone will run between 5-10 hours in the same workloads. In some cases, like video decode, they will run far more efficiently than any Core 2 Duo could in the same test cases. They drive displays with resolutions of 1080p – 1400p, where the Core 2 Duo family had no integrated graphics whatsoever. They accomplish all of this in a power envelope that’s literally one *tenth* that of a C2D.

While I’m certain that there are still areas where a C2D would be faster, particularly workloads that require full power and aggressive computation like gaming, a quad-core mobile chip can accomplish most of the same work in a tenth the power consumption and with better battery life.

SumGuy954

Maybe I said it all wrong. Bottom line. I want a laptop in my pocket that works also as a phone. None of these phones support desktop apps or work as they do on a desktop. They are all dumbed down versions if they exist at all. That’s why I hate them all.

Joel Hruska

Ahah! Now I understand.

That’s still going to be quite some ways away, however. You need a foldable screen or similar. You can, however, get a tablet with a dock for under 2.5 lbs, and that’s getting closer to your “laptop that works like a phone.” Not there yet, no, but a good bit closer than we were 5 years ago.

FrankenPC .

I’m thinking the way to the future is something like eyeglass support for very large desktop displays at high resolution. No matter how big a smart phone foldable gets, it’s still not big enough. Unless they come out with some crazy new tech that is thin as paper and can unfold to a full 15 inch size.

Stacey Bright

His complaint is why I personally have no justification for ARM tablets. While I don’t see myself needing/wanting a X86 phone running Windows 7, I see no purpose in having blown-up phone, with no phone. Pretty much why I always refer to the ipad as the ipod large, or micro-large in case of the mini. I’m fine with smartphones being primarily phones with supplemental computing features. As much as they are technically little computers with built-in screens, they aren’t really capable of doing anything of substance to justify $600 price tags. IMHO.

Joel Hruska

Heh, iPod Macro, maybe. ;)

My cat gets as much use out of the tablet as I do. ;)

John

>> As far as I am concerned all the Smart Phones out are horrible. I hate all of them.

Have you tried a Galaxy Note 3 or 4, using a custom ROM?

That sh1t FLIES !!! The note phones are really just AMAZING.

Swap out samsungs software and put a custom rom on there!

eAbyss

Screw Sambloat, try a Nexus.

John

I used to feel the same way, based on my experiences with great Nexus devices and Galaxy S series phones. The Galaxy S phones have amazing hardware, but then there is that samsung software…

But then I got a note phone.

The Note series is awesome!! Note phones are so incredible I’d gladly put up with sammy’s software.

I may still end up romming my phone, but even with sammy’s software, the Note series is better than Nexus devices.

eAbyss

Well considering that only the Nexus 6 can be compared to the Note series and it’s beating out the Note 4 and iPhone 6+ in nearly every review…

John

Yeah, the Nexus 6 is another great phone.

I’m just saying we don’t need to always fear the samsung software.

lamorpa

Nonsense. Start to finish. All the phones are below ‘average’? The statement doesn’t even make sense.

Denver Catboy

Irony: Google outed Microsoft not to long ago for an unpatched bug in Windows. Well, I guess you can always just say “go to the manufacturer”….

I supported Google’s exposing the Microsoft bug. It’s too bad that someone doesn’t do the same to Google, but then again, Google doesn’t suffer — vendors get the blame here.

Darren Reid

Google publishes bugs 90 days after they are found. In this instance thats pretty much what they have done. Heres a bug but we aren’t going to fix it.

That motto was little more than hot air the second Google had its IPO. Here in the Silicon Valley, it’s common knowledge that Google *thinks* it isn’t being evil, which basically enables it to behave however it wants because it assumes it has the moral high ground.

I have been an Android user for a long time, but this pathetic laziness on their part has almost guaranteed that my next phone will use Windows or iOS.

galaxyNote4isBoss

In reality GOOGLE has always been a sad joke in the way they conduct business you never bite the hand that feeds you they seem to do that very well like a bunch of spiteful cunts.

They should be mad at what they did to users who realized how broken 4.4.2 KitKat was compared to Jellybean 4.3 with the write to sdcard issue. They never told customers who purchase android products about the change to KitKat in comparison to Jellybean 4.3 and those customers lost valuable information and sdcard support so they rebelled and went back to Jellybean 4.3.

At the end of the day GOOGLE can go FUCK THEMSELVES all day long on a park bench and if manufacturers were smart they’d make Google name that toon in one Note.

At the end of the day GOOGLE doesn’t make shit they just like putting their name on stuff other manufacturers make.

Carriers told GOOGLE to shut the fuck up and go sit in a corner and because of that down went project Volta I was happy about that.

Now GOOGLE and this bullshit if I was manufacturers I’d back that GOOGLE ASS up to the wall again cause at the end of the day manufacturers determine the strength of this platform just like us the consumer does.

Lu

Colorful post :-)

Well technically they make software, so that’s making “something” but it’s certainly clear they’re drawing the line between what they will do and no longer do.

It’s certainly shocking in the sense that oh mighty Google is balking at something that appears so minute.

squiddy20

Almost all of what you just said is only the mindless made up crap that could come from your delusional bald head. There was no such “rebellion” in answer to the changes between Kitkat and Jellybean. Project Volta didn’t go “down”, because who the f*ck in their right mind would turn down free optimizations to Android that would improve battery life? Also, it’s not like Google has never published a change log whenever a new Android version comes out or anything.
Finally, the fact that you can barely spell simple words and phrases, or use them correctly in context, takes away from you’re entirely poorly put together “argument”. For God sakes, you said “Google name that toon in one Note”. Good lord you are an idiot.

John

You seem very angry.

I haven’t had these issues, but I know a lot of very angry iOS users that had their photos erased during a routine update.

lamorpa

…in your mind (only) (all of it)

Reed

Hey bitch,

Your little toy of a device that you so often yank about, the note 4? Yea, wouldn’t exist without Google. They are much more responsible for your phone then Samsung, a company that prides itself on creating some of the most absolute worst software that the modern world has ever seen.

There’s a reason their profits are draining rapidly.

Anyways, back to the post…

I’m due for an upgrade, and I think in a week or two it’s time to go back to ios. I positively dislike the direction Android is moving in.

MoogleStiltzkin

i don’t mind having to upgrade to the newer firmware. but the issue is will it be on my device ?

A while back (maybe even now, though not sure), my i9300 phone did not officially have any 4.4.4 kitkat support. The reason we were told was that our device did not have enough ram.

But the thing was, there was a kitkat made available for one device that did have similar amount of ram, so that was totally bullshit excuse.

So if a firmware upgrade was not possible, then we would be stuck on 4.3 and have no way to upgrade to 4.4.4 with all the necessary security upgrades.

That would have meant a short lived product cycle for an expensive phone, which was cut short because of no way to officially upgrade firmware to the latest.

Yes there are unofficial ways of doing so, but most regular users won’t know how to do it, and just complicates it for them that they end up not doing it. There are still many dinosaurs out there from the older generation who are very bad at tech to know these things lelz.

also ported methods tend not to be as stable compared to official sources for the new firmware updates, which is another issue.

another concern is, a big majority of users haven’t moved to lolipop. aesthetics aside, the performance on it is subpar to kitkats currently, probably because it still needs some ironing out. So in this instance, would google provide security fixes for kitkat till people are confident enough in moving to lolipop ? this is a big question ;_; then again maybe it was already clear as day what the answer is …..

anyway bottom line…..
1. upgrade to newer firmware isn’t an issue if it’s an official release for all devices …… (though it would be much easier if they made backups as good as titanium backup for the less tech savy users to make the upgrade process easier)

2. firmwares tend to not be the latest for some phone models, probably due to them wanting us to buy new phones, which not everyone is keen on doing every 2-5 year cycle. So google needs to make a choice. Either make android a product sold like a windows os, but guarantee that security and performance upgrades will always reach all devices (without the bullshit excuse as in my example prior); or at least patch up older firmwares for devices that cannot update to the latest.

if they don’t change their practises, lots of android users stuck on older firmwares will be left stranded and vulnerable to malware/viruses/exploits. It’s dangerous especially for a mobile phone which has so many personal thing on it, and is connected to the internet …..

Grahaman27

another terrifically terrible article from extremetech. even if google decided to waste their resources on making updates for obsolete OSes, manufacturers would need to modify the firmware, then have carriers approve the update.

Luckily, google decoupled webview from android, so this is no longer an issue. extremetech is the only one throwing anyone under the bus

Joel Hruska

Again, I love how 14 months old is “obsolete.” Tell me something: Is Windows 7 obsolete? Is every version of Mac OS other than the current? You *are* aware that when companies sign service contracts, they sign them for longer than 14 month periods, yes?

Sure, we can agree that there are products that are obsolete. Windows XP, at 14 years old, was clearly obsolete. But it’s absurd to claim that a previous version of an operating system supported on mobile phones that haven’t even hit their two-year contracts yet are now old and busted. I’m an iPhone user, so I don’t have a particular dog in this fight, but my iPhone 5C isn’t “obsolete” just because it’s 14 months old.

14 months is not old. What is stopping you from buying Windows 8 if you have Windows 7? Money. You have to pay for that “update”. What is stopping a OEM to release a new version of an OS to their devices? Incompatibility? Then its their fault for making a bad phone. KitKat has lower demands than JellyBean. Why not move if there is clearly a patch? Its open-source, so free. If they make changes and they can’t update them in time, its their fault, or laziness

John

Yes, windows 7 is obsolete.

Also, your 5C was almost obsolete the day it came out.

Joel Hruska

I consider a product obsolete when it can no longer run versions of software that I wish to run on it in a timely fashion, or when it *cannot* be patched to take advantage of features or capabilities.

So, for example: Windows XP was clearly obsolete. There was no reasonable way to patch things like Direct2D support into the GDI+ GUI.

The iPhone 5C is not obsolete. My phone plays every game, runs every web page, does every task I can ask of it. I only upgraded because I broke my 4S. I *will* upgrade my 5C, probably in 18-24 months, depending on whether I stay with my carrier, on-contract, etc, etc.

Phones based on Gingerbread, Froyo, Honeycomb? Clearly obsolete at four years old. Phones 14 months old, still on contract, and in some cases, still being *sold?* Not obsolete.

John

Okay, you have a decent (thought not universal) definition of obsolete, and you use it evenly.

The problem is that there’s no easy way to get the new versions of Android. The update situation is atrocious in 2014.

And I also dislike the way Google has been maintaining the aosp. It just doesn’t feel right to me.

Erik Kira Welander

If OEMs actually did their part and RELEASED UPDATES instead of leaving its users in the dark after release this wouldn’t be a problem.
But no, fork the code, contribute nothing, ship it and forget about it.
Google has already submitted a patch, its called Android 4.

Sim Kern Cheh

As far as this is concerned it’s the OEMs who are not bringing their customer base to a later version. It’s unreasonable to demand that someone else maintain their old code when clearly the time can be put to develop new features for android

This is very different from Microsoft Windows and such because newer versions require the purchase of a new license and the source is not published. As far as android is concerned OEMs stop being lazy and cherry pick the fixes themselves.

Joel Hruska

So, less than 14 months old is “old” now, when devices run on two year contracts? I beg to differ. There are still Gingerbread devices being sold today — *that’s* old.

MoogleStiltzkin

yeah i saw some android phones selling cheap. but i notice what android firmware they are using, and they are susceptible to heartbleed. and when considering buying an android phone, we got to do our homework and see how well supported they are officially (oem) and unofficially (xda).

an android phone that can’t be upgraded to the latest firmware is worthless if it’s a huge security risk.

Sim Kern Cheh

14 months is extremely old in the context of support for any project. It is however still considered young in the support cycle for device manufacturers. That’s the responsibility of manufacturers and they should do their due diligences towards their paying customers.

You seem to be directing the blame at the OSS maintainers for not, in your words, “release patches” for older releases. You claimed that fixing the vulnerability is “impossible unless carriers provide an OTA update”. However, you don’t seem to see a problem with the carriers failing to release a patch, for reasons unknown or at least not articulated, and instead channel the bulk of the blame to Google maintaining only later releases.

Some recent fixes to vulnerabilities could have very well leveraged on core changes in newer versions of Android. If a patch were to be made, OEMs might as well just bump up the Android version of the device. AFAIK system requirements also ” haven’t budged ” in recent versions of android. In fact it became more lenient in 5.0. Otherwise, more practically, Webkit is just another component which OEMs and their engineers, people who can release a plethora of different android releases built for their entire product suites, shouldn’t have any issues merging.

Let’s say the maintainers at Google checks out a severely dated branch, merge in the newer WebKit changes and release a minor version. Yet, other than a few devices distributed by Google, all updates, incremental or drastic, still goes through the carriers. The bottleneck is still not with Google or the OSS maintainers. So why waste their manhours for something the carriers and OEMs couldn’t care less?

Again in the open source world, code that’s one year old IS old. If you are not working on master, then don’t point fingers.

By the way, the comparison between Google’s Android and Microsoft is way off. Microsoft’s OS is not ‘free’ the way Android is so you can’t expect HP to offer a free Windows 8.0 to someone who purchased a computer with Windows 7 on it. But nothing prevents Verizon from upgrading their phones if they actually cared about their customers. After all, they are charging a crapload of money for their phone service.

They did release a patch. And its called Android 4.4 and 5. Its the vendors fault for not releasing it. Google made a move in the right direction. Because you know that their apps are patched for the latest version of the OS, they are not responsible for manufacturers own code that needs to be updated to work with android. Lets just say Oracle released Java 8 patch 76, does that mean that the bug was fixed in Java 7? Of course not.

Darren Reid

Exactly. This site has up until recently been aimed at tech enthusiasts. This article screams something that is designed to get people riled up, aiming at the less aware. I’m highly disappointed in some of the recent articles, there is very few places to go for genuine technology journalism and this sight use to be pretty good.

Bosslard

Sebastian Anthony apparently left around the new year; maybe that’s why? Sad times…

CrazyManDan

I followed Sebastian here from DownloadSquad, and I think I’ll be following him in his leaving as well.

Sean Trig

WHAT? Sebastian left?

Bosslard

Yep. Go to one of his previous articles and click on his name. It says “Sebastian was ExtremeTech’s senior editor from 2011 through the end of 2014.” Haven’t seen any articles from him since December 31st either.

Every time I read an article on here I looked for the name Sebastian, because I knew he always wrote the best, most interesting articles. No offense to Joel, I’ve always liked his articles too, but I’m gonna miss Sebastian. I guess we’re gonna see how this site fairs without him.

carol argo

Lol!google refuse to patch android!sorry men but. The title is wrong.google has always supplied code .free I might add,but you cannot. Expect google to fix third party version of android.I am sure if you check nexus one it is up to date security wise but google cannot. And will not slap every corp making device that use android and are not updating if a hardware maker decide to use a pure version of android I am positive all the issue go away .but the question is would Samsung update?nha .that. Is why user are going with a android pure updated by google now a days.no more problemi got a nexus 4 and it. Is up to date to lollipop 5.01

Sleepy

The problem really comes down to the android ecosystem. The manufacturers license android for their specific phones. Than companies like Samsung and HTC do their own customizations. Since these companies do not want to provide continual support and development for older phones, they are the ones who bear the responsibility.

If all phones were Nexus phones with pure Android, that would solve a lot of problems.

John

This is a non-issue.

The right solution here is to update your OS, if you can. Later versions of android are actually MORE efficient than earlier versions, and run well on older hardware.

If your carrier or phone manufacturer controls your software, and doesn’t let you update, you are screwed no matter what.

Shifting their attention from old versions to new versions is the right approach for google.

thx1138v2

Gosh, I can’t wait for Google to take over my car and get the same response for their vehicle OS whatever that turns out to be.

Sean Trig

Hey, well done man. You found a logical fallacy. Guess what two things are completely unrelated? The two things you are comparing.

carol argo

Android in our next gen TV(DROOLING)god that will be so awsome

lamorpa

Intentionally misunderstanding the reason and purpose of this policy does not protect you from being wrong. It’s like saying that supermarkets are wrong for not taking back 2-week-old fruit that has gone bad. Think how much fruit would cost if that were the case.

RH

I’m still running 4.3 which is ROCK SOLID stable on my device, which is 6 months old, and about 9 months since release. Yeah, the latest & greatest in a normal sense would be preferred, but I’ve also noticed a lot of feedback from others, that have received 5.0 that have had battery issues, FC’s, overheating, sound, bluetooth etc. As with the iOS 8.x issues when it first was released, I CHOOSE to hold off until I see feedback if it is stable. What good is the latest OS, if you have to reboot the device 2-3 times a day or more?
What I think really, is going on here, is maybe collusion between the carriers & google to continue to push people into buying newer & newer devices every 6-7 months, thereby extending those stupid 2 year contracts. “Well mr & mrs customer, there isn’t an update available for your device, BUT if you buy this whiz bang new device, it will have the latest security update”…but but but, we just bought this one 8 months ago? It’s worn out already? Well, technology changes so fast that you have to have the NEWEST to make sure some bad guy doesn’t hack your phone. Well, geez, I guess we’ll buy the new one again. Because of the naive and uneducated nature of most of your consumers (just walk around a Best Buy any weekend afternoon and listen to the dribble they spew) , they buy it hook line & sinker. The manufactures sell a new device, Google gets more license fees, ads etc, and the carrier gets suckers locked into a lifetime upgrade cycle. The only ones to lose, are the consumers.

dc

Android is dying. This system can’t be put back together. I was a huge fan for years, but my next phone will likely be Windows or Blackberry.

eAbyss

Silly troll…

lamorpa

‘dying’ as in taking over more than 80% of the market and growing. That kind of ‘dying’?

Sean Trig

“Apple is dying.” Here, I fixed that for you.

ArdvarkMaster

Google –
You can make money without doing evil.

Gerardo Zapata

This is exactly why I switched from Android to Windows Phone, and I couldn’t be happier! ;) I had to switch from most Google services to Microsoft’s though, but they all are just as good (and some even better) than Google’s.

Jacob

Google is not leaving them, the phone manufactures are years being in their update cycles. Google does provide support, but the manufacturers do not update.

Joel Hruska

I should note, for the record, that I view security updates differently than feature updates. If a problem with Jelly Bean rendered it unable to play some latest version of Flash (if such a thing were possible), then I would agree that no, Google isn’t obligated to fix that.

But Microsoft made a long-standing habit of providing fixes, even to people it knew were running its operating system illegally. You could *steal* Windows and you still got patches, even if they blocked off all the extras. For all the things that MS has done wrong over the years, that policy was a good one.

I acknowledge that Google can’t reach its own Android users in the same fashion and that responsibility is with the carriers to push out fixes, but if Google is *doing* the fixes, then the responsibility is solely with the carriers for not pushing them. If Google isn’t doing them, then the issue is doubly problematic. Carriers who aren’t investing in proper software upgrades now have reason not to do them — they can simply blame Google.

The end people who get screwed by this are the users themselves who bought devices without realizing they had to chart the vendor’s compliance with Android update schedules. I won’t claim to have done a survey on this topic, but given that some companies are still shipping Gingerbread, obviously some people *must* still be shipping Jelly Bean.

CoachJim09

Microsoft did that in effort to achieve a sort of herd immunity. Fewer infected machines with pirated versions is better for users with legit versions, and it doesn’t cost them any more to do it.

It seems like you want google to fix the bug in older versions so that it can cover its ass, maintaining the moral high ground over the OEMs, all the while knowing that the patch won’t ever reach the end-users anyway. What a waste of time and resources. OEMS have spent the last 5+ years ignoring older devices. It’s not going to change now.

Motorola pushes timely updates to last-generation phones, so it’s not like it’s anything that Google is doing to stop Samsung, etc from doing the same. They decided to heavily skin their devices and infest their phones with obscure, differentiating software features and just plan old bloatware in exchange for the ability to develop updates quickly and efficiently.

Joel Hruska

What I *want* is two-fold. I want OEMs to update devices regularly *and* I want Google to provide the updates. But if OEMs abdicate that responsibility, I don’t want Google to skip out on its own.

Sean Trig

You can’t have it both ways! Either the OEM handles updates on their specific devices OR Google handles all updates. If you try to get it both ways it becomes a logistical nightmare that ultimately results in higher phone bills, higher prices on phones and less features for everyone.

CoachJim09

What value do you see in releasing a patch that will never reach the end-user?

Joel Hruska

If nothing else, it changes the optics of the situation. Think of it in these terms:

If GM issues a recall, and a GM dealership doesn’t push that information to its customers, than the dealership is specifically at fault. If GM never issues a recall on a defective part, than the entire corporation is at fault.

The model isn’t perfect because dealers are licensed *by* the car manufacturers, but there’s still a perceived difference between “Bob’s Big GM Discount Dealership didn’t tell me there was a problem with my car,” and “GM knew about defects and didn’t tell anyone about them.”

eAbyss

GM produces all of it’s own products and Google does not. I also can’t remember the last time a cell phone was recalled because it’s airbag didn’t deploy, it failed crash tests, or it might start on fire.

Joel Hruska

I did not claim the analogy was perfect. :P

Sean Trig

Joel, come on dude. You’re talking about the difference between a paid model (Windows) and an open-source model (Android/Linux). You don’t see any custom versions of Windows around, and if there’s an exploit in Windows there’s no choice but for MS to fix it. It’s an obligation they took on when they decided to make their OS closed-source.

They can’t blame Google because the carrier and manufacturer are both entirely at fault. They choose what version to use for each phone and what software to include in the OPEN SOURCE Operating System. It’s the difference between apples and lightning-rods.

Joel Hruska

It’s not that simple. Google has been steadily replacing the open-source modules in Android with their own replacements. Look at the Ars story I linked above if you aren’t familiar with the process.

Replacing the AOSP WebView with Chromium-native is another step in this process. I’m not saying there’s no reason for Google to do it, but if you want to play in Android, increasingly, it means you’re using Google’s licensed software — not the Android OSS equivalent.

Sean Trig

It really is that simple. Anyone with an Android phone can swap out the Chromium-native modules you’re talking about. Granted, it takes some know-how, but it’s firmly within the realm of possibility. That’s the whole point of open source.

Also, Chromium is open source. Think of it as a platform upgrade, not a module replacement.

Of course this has nothing to do with what we were initially talking about. There is no correlation between Microsoft’s handling of Windows updates and Google’s handling of this exploit. It’s an unfair comparison and I think you know that.

Joel Hruska

I agree with you that it is unfair to expect Google to push patches to customers when they have no means of doing so.

I disagree that it is unreasonable to expect them to *create* patches for their products and expect carriers to push them out. And so, from the perspective of the end-user, I do not find it an unreasonable or unfair comparison to compare Microsoft and Google in this scenario. Carriers cannot push the bug fixes Google doesn’t create.

Basil Nolan

This makes me happy I have never owned an Android phone of any kind. I’d rather have Apple telling me my phone is obsolete and must consume a new one, than having Google tell me it’s none of their business if I keep going with an unsecure OS.

Sean Trig

By all means, enjoy your walled garden. I’d rather have a company acknowledge that there is, in fact, an exploit than a company that simply ignores the exploit and refuses to comment on it.

Take a hard look at your technology provider before you make grand black-and-white statements like that, Mr. Nolan.

BtotheT

The garden may be walled, I carried the anti-apple pro-freedom stance for some time. But I came to realize, I like my phone as a phone, and my desktop/laptop as unwalled. In a few years when devices become true replacements to desktops in connectivity and capability, then I’ll go back to the pro-freedom necessity. For now, I can’t run PC games or a full PC experience ported to peripherals and screens ect. When it becomes a true pocket PC, then walls will be inexcusable. For now it’s just a communication device, and something limited is acceptable, if not far more consistant. In my opinion of course.

Sean Trig

That’s a perfectly valid point-of-view. As a computer technician it’s not one I share, but I can empathize. Also, that was a eloquent way of describing your position. Well done.

Basil Nolan

Apple has a better record than Google. Why bother?

Mohamed

i just love my Windows phone , i tried to switch to android because my wife got android but it was lag and full of bugs =S

CoachJim09

Unfortunately, the OEM-skinned android experience is subpar, in most cases. I absolutely love my galaxy s4 play edition, but I can’t stand my gf’s s5 w/ touchwiz. It’s slow and buggy and her battery life sucks. If you do decide to give android another shot, get a nexus or a motorola.

Sean Trig

Just get a custom ROM. It’s pretty easy to handle as long as you have basic computer skills and can follow directions.

CoachJim09

It’s not that simple on most phones these days. AT&T locks the bootloader on everything they sell. I’m sure Verizon is doing the same.

People like you and me can install a custom rom with few issues, but in my experience, the same can’t be said of non-techies. Even if they could do it, most are too afraid to even try.

Sean Trig

Yeah, I’ve been reading about having to crack through locked bootloaders lately. It’s not an easy thing to do, but it does get done eventually.

It’s that fear that really gets in the way, you’re right. That’s why they are encouraged to find a technician to handle it for them. I’m always available to make appointments. ;)

Sheepsies

Has google ever gone back and patched an old version of android? Thought they always patched through updates…

eAbyss

Exactly, the patch is 4.4.4 and 5.01. It’s the carrier’s/manufacturer’s responsibility to compile and release the latest version.

eAbyss

It’s laughable to attempt to compare phones to PCs and shows the author has no idea how this works. Google publishes the source code to the latest version of Android then it’s the carrier’s and manufacturer’s responsibility to compile and release an update to the consumer. Google already published an update to 4.3 and below, it’s called 4.4.4 and 5.01. The problem is that carriers and manufacturer’s often withhold updates in order to force users to upgrade their devices. If you want to see how updates should work when consumers are put first then look at the Nexus line.

meddle0ne

So…. it sounds like the model is flawed since consumers will be left with vulnerable devices. That’s really the bottom line. You can defend Google all you want, but consumers are expecting better when they spend their money.

CoachJim09

Consumers aren’t buying a “google” branded phone, though. They’re buying a Samsung or an HTC, etc. Google’s name isn’t on the device, and all of the AOSP apps have been replaced with the carrier’s equivalent. If consumers are blaming google for a lack of updates, then they don’t understand how Android works.

So does google “fix” the model by taking away the OEMs’ choices to brand and differentiate the software on their devices in favor of better security?

meddle0ne

Well according to the article, the vulnerability is with the Android OS, not something the manufacturers did. This is simply a refusal to support older versions of their OS. How would Google fixing their OS’s vulnerabilities prevent manufacturers from differentiating their devices?

CoachJim09

Maybe it’s my limited imagination, but I don’t know how google can take control of their updates while still allowing OEMs to customize the OS.

Neel Gupta

When Microsoft refused to patch XP OS vulnerability, I wonder how many people were “thrown under the bus” !

bmwman91

I think that’s part of his point…XP was supported for 14 years, long after it was profitable. The people that used it had 5+ years of warning about support ending.

Paul Luman

This is why I’m switching to an iPhone.

lamorpa

…so you can be forced to install an update that makes your phone run so poorly that you have to buy a new one.

Sean Trig

Working as intended.

massau

Sorry, you have to make HP, Dell, and Lenovo provide you with a free update for our operating system

Isn’t this different, andoid is linux based and thus free, so they just have to make a kitkat patch and be done with it. i guess the main problem (like always with linux) are the drivers. but if the oem used android opensource and updated there users wouldn’t they be using kitkat today?…

Joel Hruska

Extensive validation and porting costs + internal testing. It takes most OEMs 3-6 months to provide updates to new operating systems when they provide them at all.

massau

i guess they still need a better update model. why do they have to do internal testing and porting?
can’t they update android in a way windows updates?
My drivers (firmware) doesn’t have to be retested everytime windows updates.

just off topic:
i wonder what would have happened if android wasn’t based on linux but based on somekind of new kernel system like a micro kernel or exo kernel.

Omar O’Hara

Would this not give OEMs a reason to update their hardware to the latest version of Android? It seems the development communities that get behind popular devices can keep them updated well after the manufacturer has ‘given up’ on them. Shouldn’t the OEM be able to do the same?

How many users utilize the stock browser, anyway?

Sean Trig

There was once a graphic that showed the process of an OEM getting a new version of Android. If memory serves, they had to pay Google to license the new version, change the source to include OEM software, test it, THEN deploy it. Takes a lot of money and time, which is why non-AAA phones never get updated software.

Ravi Shankar Bc

crome browser when it came out was just amazing but if you observe its the only browser which has a lot of malware and it sucks actually IE has improved a lot these days

lamorpa

Incorrect. IE and Safari still lead in malware. How did you not know that?

Sean Trig

You couldn’t be more wrong. As a computer technician I beg people to get off IE. There are an incredible amount of exploits and malware that can take advantage of IE and don’t work on Firefox/Chrome/Safari

meddle0ne

Good article Joel.

boxofgrass

Your argument is rubbish, and this article is click bait.

thecrud

An Iphone fixes this problem.

Sean Trig

Found the fanboy!

StarLord

You can’t compare Android upgrade with Windows update. HP, Dell and Lenovo don’t modify Windows before shipping to users. They may add their own software, but that’s all. Android phone manufacturers modify Android OS to add their own layers, preventing Google from updating directly. It’s up to them to update their users to the latest android.

So, you don’t know what you’re talking about. And if you’re one of those people who choose to purposely not update to the newest version, then you shouldn’t even be writing a tech-related article. I won’t be surprised if you still use Internet Explorer instead of Google Chrome.

Joel Hruska

I use IE, FireFox, and Chrome. And I’m fully aware of the differences between the Windows and Android licensing models.

larry9

Congratulations, you dreamed up the BS headline of the year.

rltmd

I have to imagine that this is written by another Apple fan-boy. To compare Android software to Windows is ridiculous and a stretch at best. Since Android is open it would be almost impossible to constantly go back and fix problems in outdated releases. Besides most people buy new phones every 2-4 years and get the latest software. Most people do not buy new PCs every 2-4 years. There are still a lot of people/business running XP on the original PC they purchased. So this is like comparing and apple to an orange. Yes they are fruits but totally different.

Joel Hruska

I have an iPhone, yes, but am no Apple fanboy. My iPhone 5C runs iOS 7 — after looking at iOS 8, I see absolutely no reason to upgrade and several reasons to avoid it. My main PC is a 2011-era rig running Windows 7. I also have several Android tablets and an Android phone as well.

Matthew Caroffino

Its funny to compare Android to Windows business model and make it appear that Google has abandoned you. In order to upgrade on Windows, from Windows XP to Windows 7, you had to buy the update. As far as i know, you didn’t buy a licenced product from Google and your updates are free on Nexus phones. The only thing keeping you from upgrading your phone is manufactures and telecom providers, whom have no interest in upgrading your phone software and would rather have you believe that you have to run out and buy the next hyped phone because it has a newer OS and hardware.

Sean Trig

Yeah, I had to stop reading. Android is open-source. I can guarantee it’ll be fixed in any 4.3 custom ROM, and many custom ROMs already use 4.4.2. You also don’t take into account that OEMs already modify Android according to the their specific needs and the needs of the hardware, so applying a patch at the OEM level isn’t as hard as you’d think.

I’ve read a lot of your articles, Joel, and I’d say you have a great grasp of many subjects. I just don’t think Android development is one of them.

Thanks for the article though!

Aaron Ellis

Isn’t this easily fixed by installing a different browser? Though webview is native in android, patches can exist through the browser itself and using Chrome (because this article talks about android browser or AOSP browser, not Chrome) Firefox Opera or others would easily allow a patched webview experience on an older device.

Joel Hruska

I genuinely don’t know. Plenty of manufacturers dont’ ship alternates and defaults tend to control the market.

Aaron Ellis

Microsoft’s comparison is Internet Explorer, which despite proof that there are better more stable, faster alternatives, people don’t use it I’ve been trying to better understand it, but can’t find a solid answer either. I did find that WebView is a standard that many developers use because it exists within the OS; meaning they don’t have to write their own browser to view html elements within the apps (like facebook does with external links). This would be the main area of concern, but standard web browsing, done through a browser, can be patched and doesn’t pose as great a risk.

Google used to be “do no evil” – but that was long ago in galaxy right here

Scott Hall

I must be a “no one” I’ve been using Loliipop for some time now…

Joel Hruska

Those stats above are from Google’s own databases. Right now, virtually no one has adopted Lollipop. This will obviously change in coming months.

me

Microsoft does tell that to the laptop makers…because drivers are device specific.

Aaron Ellis

Yeah, any owner of an HP or Dell computer can see that they stop updating drivers almost a year after the computer hits the market. My Realtek PCI adapter for example is no longer compatible with windows 8 because the driver hasn’t been updated for years. Same issues…

84guy

Only way to fix this is the require all oems to run stock Android and release thier own apps in the play store. But that’s not going to happen

Zac Rupnow

Google has updated this in later versions of the OS.
They can’t force manufacturers to update their outdated skins.

JohnCalla

That long article and nowhere did it mention what this “OS vulnerability” is.

Dave

Why is this Google’s proble? Ask the manufacturers to update their phones to 4.4.4.

Manufacturers (OEMs) should support their hardware for longer than a year.

Nick Atkins

or the companies who USE the free software to put on their phones to make money should 1. patch it themselves or 2. provide timely updates that have been patched. Google has fixed it by providing timely updates on the phones they sell through the Nexus line. It isn’t their fault if others don’t follow suit

John Scott

Sorry, I can’t defend Google on this or anyone for dropping support on some devices still sold today. Even Apple is better then this. But Android is a messy splintered OS and frankly wouldn’t touch it for anything. Its a perfectly fine OS, its just Google and its partners are terrible at support.

wowyoujustfailed

What? HP, Dell, and Lenovo don’t modify Windows to suit their devices. Their devices are designed around Windows. Microsoft releases updates, not those companies. This is an awful comparison and renders your argument invalid. I also think you’re taking this too far. Google means that patches have not always actually solved problems so they will look at it before having their programmers waste their time on something that will waste time to troubleshoot and fix. Google needs to work on the big bugs and parts of the is before tiny details that are difficult to fix get in the way. In fact, you should be glad Google is doing this because we will only get better updates faster.

Hid

Hey whats your prob with google fellow? Any way i stopped reading the article as soon as i read “no one is using lollipop yet” wich is absolutely false! What you should have been aware of is some newly commercialized phones do work under android 5 (sony and evertek these are two non-google-companies), and if we do not consider these, all you have to know is that google updates nexus’ as soon as smth comes up. And last thing, updates do come from Samsung LG and sony not from google! Every company adds its layer, so as far as they are concerned, they do have to update their operating systems. I am S3 and am stuck in 4.3 because Samsung didnot update it to kitkat! Whose problem is this? Mine and Samsung’s not google’s ! Its not iOS we are talking abour guys let’s be rational. What yoh said about Microsoft and Google is hilariously non-sense and funny!

Joel Hruska

The statement that no one is using Lollipop is based on Google’s own information that they’ve made publicly available.

Not sure where you get your data but you might want to get factual data not manufactured data.
This article is like reading something written by a monkey.
The fact is lollipop is wonderful and full of flavor. Unlike that drab and boring iOS.
You see android is not for everyone. Its for intelligent people.
Last I checked I still can download all the music I have bought through the years. Not so for ipbone users. And my user interface is amazing. I have an experia Z2, nexus 5 and a few other droids. I have an iphone but compared to any android ios feels antiseptic and mundane.

Hopefully You learn how to write a truthful article your writing is as entertaining as watching yacht racing

Mario A. Vazquez

No, they are pushing OEMs to update their products. More than half of those 4.1-4.2 devices can run KitKat, and with it, will perform even faster.

rayblasdel

Generally I agree, this would be important if Google actually had a way to deliver updates to those devices. Android in hardware is completely dependent on manufactures to release updates and maintain there heavily modified versions of Android. If the manufacturers/carriers were so inclined to actually maintain their devices OS after pocketing the money the consumer wouldn’t be at risk as they would already be in a version that is not venerable to the attack.

A better percentage would be how many of those 80% are running stock android that Google could potentially update.

You cannot compare the issue with Microsoft , its a paid OS . Android is free OS So yes Google can ask others samsung, LG etc to help …Nothing wrong with that. Its your thinking that is wrong Mr author you want everything free.

Joshua Sailer

If im not mistaken, Android is open source, and OEM’s such as LG, Samsung, and HTC have their own skinned version of android, and do provide updates of their own skinned android Operating System, so why would it beup to Google to patch an exploit in these OEM’s OS, when they are perfectly capable of doing it themselves.

Max

This isn’t Google’s fault. Google has been pushed to the brink. When OEM’s don’t give us updates and hold back Google’s tech, just so they can make us buy a new phone every time Google has an update, well i would say that Google is in the right. You wan’t an update, well, let your firewall OEM take care of it. Unless there is a direct connection with Google and the Consumer, we can’t blame Google for what the OEM’s drag their feet on. I don’t blame Google. Because OEM’s still want to be in control and Lollipop, starts giving Google the actual power behind the updates. http://www.latinpost.com/articles/31799/20150114/android-5-lollipop-update-google-reveals-slow-adoption.htm

Richard Fenoglio, Jr.

I agree with Google. They cannot be expected to support ALL devices that are running customized Android installs. Google is only responsible for their Nexus devices, which are all updated to the latest OS anyway. If you want Google to provide the security, then start a petition for phone makers to run stock Android and ink deals with Google.

gorkon

Actually this…is bullshit. Google fixed the issue. The problem isn’t Google’s but it’s Samsung, HTC, ZTE, Huewei, Verizon and many more at fault. When you incorporate software into hardware you now have a responsibility to provide updates. If you do not, then it’s not Google’s fault but yours.

Davyd

Google’s products are just spyware, do their users really care about security?

It is based on Chromium and updates just as regularly as Chrome on Android. It is possible to distribute the WebView with your app and thus decide when you are ready to upgrade.

Today it is used by Sencha Spaces, AppGyver, famo.us, Ionic and others, incl Google for their mobile ChromeApps on Android.

It works on Android 4.x and up (yay!!! :-)) and is being developed by a group of engineers at the Intel Open Source Technology Center http://01.org but also sees contributions from Samsung (Tizen support etc).

MacClocker

I think Google is shooting themselves in the foot in that an alternative,
Ubuntu Phone is now out in Europe and soon to be out worldwide..and from what I have seen, it looks sweet and it has the ability of multitasking…a feature completely missing from Android.
I am of the opinion that Android is the worst linux OS ever to grace our screens, and I’m a “distro hopper” meaning that I have run and used a LOT of Linux operating systems.
I run ICS and Jellybean and they crash a lot, bluetooth doesn’t play nice with each other…When I turn on bluetooth, my wifi connection drops completely..meaning that I cannot use a bluetooth keyboard and be on the net at the same time.
On my phone (ICS) I can get a full set of data bars but they are grey? That IMHO means that I have a good connection, but for some reason I get no data traffic up or down stream, and all my “network dependent” games will not work, or even load.

“unfortunately x program or widget has stopped working” has become a regular popup on my devices which is very annoying…In short, Google should be bending over backwards to help people with their OS instead of leaving a bad taste in users mouths. With Windows Phone becoming more mature and Ubuntu Phone do out soon, Google is committing technical suicide.

Travis Holt

This entire blog post is a misunderstanding as to how phones are manufactured.

This is 100% an OEM issue. Those software versions HAVE been updated. The update currently is the most recent source code for lollipop. It is up to the OEM to take that source code and make it work ok their hardware. OEM’s do this at first development of the device, implementing specific drivers for the chipset and components (such as your camera, the processor, the graphics processor, and the audio card), from there they have to test the device, correcting errors in coding as they arise, then batches of devices are made with the software compiled for that device installed on the device, from there in order for updated software to become available for the device, the OEM must push the update out for the device.

However google can do something to resolve this, they could implement a system update into their play store app that is able to push out the updates to their operating system that are not device specific updates. The play store app already detects system hardware as it is (to hide incompatible apps from being shown).

If you’re purchasing a brand new device running anything under 4.4.4, that’s an OEM issue.

Yeah that is right. there are so many patches requested in 2012-2014.more likely to IcecreamSandwich to kitkat. And google didn’t give a damn. so It is obvious that android users are switching Android to other like Microsoft. Best iPhone Car Mount

Jostikas

Google is trying to fix it’s market fragmentation problem by forcing OEM-s to update their phones to the newest versions. I see that as a good thing. Given that most OEM-s currently stop releasing even security patches to their phones after 18 months in an attempt to force customers to replace their otherwise perfectly working phones, Google’s work would be for naught. And nobody wants to do useless work.

Also: no point bringing Windows as an example. They also are pushing in the direction that only the last or next-to-last versions are supported, and major version changes are getting more granular.

John Ross

Why are people still on 4.3?

Kenton Smith

Good, maybe this will get manufacturers to actually update their devices instead of dropping support for them 6 months after they launch (doubtful but you never know). I use nexus devices though so I don’t really care.

this is so not true at all. Google does patch there system. Each patch is a release for them. Its not googles fault that the carriers and OEMS are not keeping up with google because they keep modifying the operating system so much that it looks like android 2.0. For example samsung has touchwiz that is still hasnt been optimized for the more recent versions of android.

The sad thing is MS is doing the exact same thing. We ARE stuck waiting for patches by HP, Lenovo…… The drivers for there products usually are the cause of all the patching that the operation system has to be done. MS doesnt write the drivers the OEM’s. They write the operating software!

So stop saying that google is doing what MS did years ago. Its so NOT true!

CelestialTerrestrial

I saw this coming which is why I never considered Android as a viable alternative. Since Microsoft was way behind the curve in smartphones, I decided that Apple was the better route, and I never looked back. Oh well. F— Google, they are a bunch of spoiled brats misleading everyone for years. Oh, and how’s that Google Glass doing? Haven’t heard a peep out of Google, did they can the project completely?

KJ

device manufacturer should provide the patches.

This site may earn affiliate commissions from the links on this page. Terms of use.

ExtremeTech Newsletter

Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.

Email

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our
Terms of Use and
Privacy Policy. You may unsubscribe from the newsletter at any time.